DATA  TRENDING

When your company team develops non-conformance / complaint / CAPA trend charts (usually from a spreadsheet), they'll need to ask the following questions and determine how to present and label / categorize the data presented so it can be acted upon (the key reason for collecting / trending in the first place):

• Frequency - generally monthly presentations and also showing yearly for the bigger picture;
• Areas charted, and Categories within each chart - should be based on risk of problem to the end-use / patient as no. 1, with business / financial / GMP compliance issues also important, but secondary;
• Is all the above structured and presented to assist in getting to root causes, and addressing and eliminating the problem in a timely manner;
• Is all the above designed to show resolution / effectiveness (e.g., a decline in the number of occurrences of each area / category) ;
• How will each chart be presented to senior management; how will action be taken on each / triggers (monthly Alert at 1.96 sigma (annual); monthly Action at 3.0 sigma (annual), or ...); how will such action(s) be documented monthly (a Trend Meeting, Agenda, and Minutes?).

These (and possibly other) issues are what the CGMPs, especially CAPA (see 21 CFR 820.100 and note a.1-7) and the Trending requirements are driving.  The FDA (and any QMS, i.e., ISO 13485) want companies to have quality systems in place that recognize system and product / supply chain / manufacturing / testing problems, highlight those problems (trending is part of this), and force / drive change (verified / validated / monitored for effectiveness) to eliminate those problems, then move on to the next inevitable group of problems. A proactive problem-solving system. 

-- jel@jelincoln.com

Note:  In calculating standard deviation for the Alert and Action levels, you should have approx. 100 data points before making that calculation, not use the monthly totals data for that calculation. JEL 06/01/2022 

Virtual Site Inspections / Audits in Times of Pandemic, et al

an approach ...

         Virtual Audits / Inspections, if applicable:  Using the information in a Vendor Audit SOP /

         Attachment, develop an Audit Plan / Script that can be conducted by a video

         conferencing tool, e.g., Skype®, Zoom®, WebEx®,  GoToMeeting®, MS-Team®,

         and/or the use of a phone camera or similar.  Enlist the help of a QA/QC contact

         person at the vendor to assist with the video. 

         Then:

·     Obtain e-copies, pdf, or paper copies pre-sent of the QM, SOP Index / Titles, specific applicable SOPs, Establishment Registration Number, applicable 510(k) K numbers / dates, catalog (or website screen captures), certifications, last US FDA 483 if available, and so on;  

·     “Tour” their facility, with their contact person taking visuals with the digital camera;

·     Focus on areas of interest to you, e.g., IQC, Inventory Storage, Manufacturing, specific work stations, FG QA, post-production activities, if applicable, and similar;

·     Video, smart phone photo, specific activities, specific documents related to your product (or obtain e-copies, pdf, or paper copies pre-sent;

·     Request additional supplemental videos, if needed, during course of desk audit.

                        ·     Compile a written “narrative” of the video for the file (or the actual video in 21                                    CFR11/system-validated storage.  

    -- jel@jelincoln.com  

Note:  The above should be considered an addition to the remote audit's use of a check list and questions and answers.  I've done several such remote inspections / audits, working off a check list, e.g., a general verbal description of their operation, and then the checklist's questions tied to 820 's 15 subparts (A-O),  and/or ISO 13485's 4 key operational sections (4-8).  I ask how they've addressed each, asking additional supplemental questions to fill in my understanding of their QMS, in some cases using their descriptions to flow chart the operation (which I include in the Report).  It's where I have unanswered questions or need additional verification that I utilize the above "tour" and visual / camera copies of documentation.

I always review my draft report with their team prior to the "visit's" conclusion, and prior to submitting my final, formal report. - 06/07/2022   

         One Possible Approach to an Approved Vendor List

         Based on part / component criticality (to patient / end user / clinician).    

               Based on product risk, supplier / vendor audit results, incoming QC trend data,    

               and other factors, a list of approved vendors, and their criticality should be 

               established and maintained by QA, separately, or in each vendor’s file. 

                 

Criticality (based on risk to the patient / end user / clinician):

   

Criticality Category	Ranking	Category
01.  Lab services – contracted – clean room         / controlled manufacturing area testing,           biocompatibility, EO / BI / gamma        validation and testing, GMP        compatibility issues	High (Major)	Services
02.  Calibration services -- contracted	High	Services
03.  Patient fluid path contact	High	Parts
04.  Tissue, bone and dentin contact	High	Parts
05.  Sterile barrier	High	Parts
06.  Sterilization services – contracted	High	Services
07.  Patient contact, general	Moderate	Parts
08.  Test equipment, tooling, fixturing          manufacturers – company validated	Moderate	Services / Equipment
09.  Equipment, tooling, fixturing;            manufacturers – company validated	Low (Minor)	Services / Equipment
10.  No patient contact	Low	Parts
11.  Manufacturing Materials – fully            removed during processing (validated)	Low	Parts

Ranking explained (reference: “Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices Document”, May 11, 2005):

Ranking:	Explanation:
Major	A failure or latent flaw could directly result in death or serious injury to the patient or operator. The level of concern is also Major if a failure or latent flaw could indirectly result in death or serious injury of the patient or operator through incorrect or delayed information or through the action of a care provider.
Moderate	A failure or latent design flaw could directly result in minor injury to the patient or operator. The level of concern is also Moderate if a failure or latent flaw could indirectly result in minor injury to the patient or operator through incorrect or delayed information or through the action of a care provider.
Minor	Failures or latent design flaws are unlikely to cause any injury to the patient or operator

     

      6.11  Critical Vendors:  Suppliers / vendors ranked “High / Major” on the above tables     

               are determined to be “critical”.  Critical suppliers are to be subjected to an initial

               site (or virtual) audit.  Follow-up reviews / frequency will be determined by patient /

               user risk factors as mentioned above and/or a Product Risk Management File, and the

               quality of their deliverables, maintenance of their CGMP compliance and/or

               certifications. 

               The type of vendors to be considered “critical” could consist of: 

               Independent test labs, calibration services, contract sterilizers, manufacturers of   

               critical / high risk components, compliance consultants, Notified-Bodies (generally

               will not be audited by the company, as they are subject to their own competent

               authority oversight), and similar. 

               Moderate risk vendors will be subject to an initial desk audit (see Attachment 1),

               supplemented by any additional follow up phone interviews (document in memo to    

               file) and/or e-mail correspondence (initialed and dated)

               All High and Moderate vendors will be subject to a periodic review, usually

               annually, as to performance, retention or replacement, and/or need for any

               supplemental re-audit / re-inspection; documented by a memo to their file.  

               Low risk ranked vendors will be subject to review / action if any deliverable is found

               non-conforming, and such review will be included in the NCMR or other CAPA

               documentation.

              --  jel@jelincoln.com 

EU MDR’s Implementation Postponed for One Year

On Friday 17 April 2020, the European Parliament adopted the European Commission’s proposal to postpone implementation of tThe EU’s Medical Devices Regulation (MDR) 2017/745 for 12 months due to the COVID-19 pandemic and the potential impact it will have on EU MDR implementation. 

The proposal also has to be approved by the member states and published in the Official Journal of the European Union (OJEU) before it enters into force. This is to be by 26 May 2020 at the latest. Once in force, the new Date of Application for the MDR will be 26 May 2021.

jel@jelincoln.com

Note:  Complete transition has been further delayed.  JEL 09/20/2023 

Job Hunting

My response (slightly expanded) to a discouraged new job seeker on a forum.  Appropriate in view of the current job market.

The first job is the hardest. Get any experience you can including internships, temp and/or part time. Include responsible volunteer positions you may have filled. 

Try to get in front of the actual hiring person, rather than HR. Approach the hiring person with what you can do for them / their company, based on your research about their company on the Internet, friends who've worked there, etc. Do not focus on or imply you want the job to get a car and a place to live (your personal reasons). Focus on their needs and your proven qualities that would help them to meet those needs. 

For starters, I find it helps to compile a personal list of abilities, accomplishments, by going over my past life (several times), and writing down / listing those actions, projects, events, that I felt proud of, that were noteworthy accomplishments, that moved something forward, maybe in spite of problems / obstacles / challenges (not necessarily job related, but school, personal, sports, volunteer, community ...), and then rewriting them into business advantages / tools /qualities, using business terminology. E.g., were you successful in assisting in getting some activity started, running, and finished - see how that could be adapted to successfully leading / managing a business project (project management; self-starter, self-managed).  Change your personal terminology into business terminology -- learn some of the related tools, e.g., project management tools: flow charts, the Gantt Chart (easy to learn and implement on a word processing app or spreadsheet app. -- Google helps here for examples / explanations; and you don't need a certificate, just enough familiarity to adapt, define,  run, explain, and complete a small project).    . 

Have a "story", real examples, of how you would meet their business needs, by how you actually met similar needs / challenges in the past, the steps you took, your thinking / actions / approaches ... Role-play with a mature friend so your responses become 2nd nature. Expect and welcome open-ended questions, like "tell me a little about yourself'", by not giving your life story, hobbies, personal interests, but target your response - maybe even rephrase their question and then reiterate your qualities that fit their needs. 

And don't talk yourself out of a potential job interview because you think it doesn't seem to fit. If it appears close: Apply. Go. Do the above, and if the job offer doesn't come, at least it was their decision, not yours. You'll get more experience at job interviews, and, more importantly, I personally have seen other opportunities open from the same company when the initial job wasn't a fit, but they liked what I brought to the table, and knew of a future opening that would be a great fit. Look for openings before they're advertised by talking about what you're doing (and listening) with all your contacts, since there will then be less competition = networking. Be professional / modest in appearance (dress one step up from what would be called for in the actual position), conduct, language, conversation, word choice, etc. Minimize anything off-putting, e.g., piercings, tattoos, wild hair styles / colors, etc., unless those are typical of that workplace. 

And recognize that there will be many "nos" until the "yes", so don't let the experience affect your self-worth (easier said than done). Be positive and smile, even if you don't feel that way inside.

John E. Lincoln   jel@jelincoln.com

Don't let the current COVID-19 cautions stop your company's internal and vendor inspections / audits.  Learn remote approaches and tools to conduct successful cGMP compliance inspections / audits 100% remotely.  Check out my latest new webinar on:

CONDUCTING  REMOTE / VIRTUAL  CGMP INSPECTIONS  DURING  COVID-19 -

PER US FDA CGMPs and EU ISO  

at

https://jelincoln.com/GMPCourses.html

jel@jelincoln.com

Some of my upcoming webinars:


FDA CDS Software Regulation: The Latest Guidance on Clinical Decision Support Software 19-May, 2020 at 01:00 PM ET.
https://www.eventbrite.com/e/fda-cds-software-regulation-the-latest-guidance-on-clinical-decision-support-software-tickets-85457099485


Verification and/or Validation to meet US FDA CGMP and ISO 13485 Requirements 10-June, 2020 at 01:00 PM EST 
https://worldcomplianceseminars.com/webinardetails/799

How to Deploy Root Cause & CAPA to Minimize Human Error 24-June, 2020 at 01:00 PM ET

https://worldcomplianceseminars.com/webinardetails/848 Medical Device Change Management 08-July, 2020 at 01:00 PM ET  https://worldcomplianceseminars.com/webinardetails/849 jel@jelincoln.com

Questions / Answers from my recent IQ, OQ, PQ Webinar

1. Ques: when leveraging vendors' documentation, for example SAT testing leveraging into qualification, what are the main principles to be in place.

Ans:  Take your VMP requirements for the validation of that piece of equipment, subtract those SAT-satisfied tests, and develop test cases for the remainder, including any SAT tests that may be negatively impacted by actions upon the equipment since the SAT was performed, e.g., movement / transport, installation ... I've done this many times and had no push-back from regulatory agencies.  In fact it's specifically mentioned in ASTM E 2500 as an acceptable / preferred method.  

2.  Ques: what are the main principles with bracketing/family approach testing? 

Ans:  It would depend on the equipment family we're talking about (its complexity, inherent variability and end user risk).  As I mentioned in the webinar, I'm not much of a believer in Like-for-like, due to inherent variability in any equipment's manufacturing process.  But anything that is not (or minimally) subject to such variability, such as the equipment's software / firmware, in differing serial numbers of the same model of equipment, having the same software rev. no. / release no., could be considered, and those remaining / hardware elements, of minimal variability (based on data, or to a lesser degree, a priori considerations), if also low risk to the end user / patient, could be considered. 

Usually this "consideration" would mean that the validation of the 2nd , 3rd ... iteration of the "same" type of equipment, would be much reduced in possible number of test cases, number of elements in each test case,  reduced test case sample sizes (PQs), the numbers of PQs run, degree of repetitive descriptive documentation, etc., ... in subsequent validations compared to the first (of course, with cross-references in subsequent related validations to the initial validation).

In some / many cases the issue falls into a grey area, and it might be wise to validate, rather than try to develop a rationale and defend that rationale repeatedly with all stakeholders / inspectors, with the strong possibility after all that you could still lose the argument with a regulatory agency and have to validate anyway (been there, done that). 

jel@jelincoln.com  

A Question on My Recent Webinar on Project Management for FDA Regulated Companies

Query : I'm an informally trained Project Management ... Now I am working on launching product and don't have FDA/EPA experience and we are launching product that falls under either regulation. Would this course (Project Management for FDA regulated companies) be of help?

Ans:  Definitely.  This course focuses on use of simple PM tools to drive FDA projects  (basically PM for the non-PM certified manager).  We cover 3 key tools:  the Gantt Chart (emphasized), the  CPM, and the PERT (with the last two considered for their network, and parallel path illustrative value); also discussing additional tools such as flow charts and cause and effect diagrams to assist in developing Milestones and Tasks.

The projects discussed with sample milestones / templates are:  

• Design Control (21 CFR 820.30) / Design and Development Planning (ISO 13485:2016 7.3) for new device development; 
• Product / Process / Equipment / Software Validation; 
• Product Risk Management (ISO 14971); 
• Use Engineering / Human Factors Engineering (IEC 62366-1:2015); 
• Regulatory compliance inspection (Form 483) remediation.  

Due to the short length of the presentations, only the key milestones of each are listed / discussed, but that should be enough to start on the right path to use PM tools in those areas, fleshing out the tasks under the milestones by "reverse engineering", discussed in the webinar.  

Design Control does have an extensive Milestones / tasks listing, but most of the others only focus on Milestones.  

Though not discussed in the webinar, one could take the 21 "tabs" of the FDA's required 510(k) submission to develop the key Milestones for a 510(k) submission as well. 

jel@jelincoln.com

The 21 510(k) "tabs" have been added as project milestones discussed in subsequent versions of my Project Management webinars. - - JEL 09/20/2023

Key steps in the validation of the pharmaceutical manufacturing process per US FDA Guidance Document:

Process Validation Guidance Document (Pharma), US FDA,  Jan 2011

• Stage 1 – Process Design
• Stage 2 – Qualification
  • Part 1 – Facility Design
  • Part 2 – Qualification of Utilities & Equipment
    • Subsection 1 – Installation Qualification
    • Subsection 2 – Operational Qualification
    • Subsection 3 – Performance Qualification
  • Part 3 – Process Performance Qualification (PPQ)  
• Stage 3 – Continued Process Verification (ongoing)

John E. Lincoln, jel@jelincoln.com

EO Sterilization Re-validation

If you perform an annual documentation / process review (review of past years' sterile load lot information), with no problems noted, documented, then the following is required every two years, assuming nothing in your process / product has had major changes:

The minimum re-validation requirements of ISO 11135-1:

• Re-validate PCDs (verify that the ½ cycle BIs are more resistant than product bioburden);
• Bioburden measurement (should be doing quarterly; no changes in average levels);
• EO residuals (no subtle changes in product / process / packaging that could increase residuals)
• 1 Half Cycle (verify overkill)
• 1 Full Cycle (also used for the EO residuals testing); if acceptable / sterile, can be released for sale.

Also every two years, a full EO validation is required, e.g., 1st year:  Initial full validation, 2nd year:  If OK review, then abbreviated V&V (per above); 3rd year:  full validation; 4th year:  If OK review, then abbreviated V&V (per above); and so on.

John E. Lincoln               jel@jelincoln.com

Latest updated webinar on Cybersecurity by John:

https://jelincoln.com/GMPCourses.html